In a nutshell, Transaction Malleability is a weakness in the original Bitcoin implementation that enables a bad actor to change the unique ID of a bitcoin transaction before it is confirmed on the Blockchain. Such a change makes it possible for someone to pretend that a transaction didn’t happen, if all necessary conditions are in place.

As the Coindesk article points out, a successful attack requires certain conditions that make a successful attack difficult or even unlikely. Many analysts referred to it as a bug that should eventually be fixed, rather than an urgent issue.

Was This Flaw Addressed

Transaction malleability was addressed (for Bitcoin) with the introduction of Segregated Witness (SegWit) in August 2017. 1, 2

But Was There a Successful Attack?Attack? Yes. Successful? It’s doubtful…

In March 2017, five months before SegWit was implemented, a mining pool that administers 2% of worldwide activity launched a malleability attack. No one lost money – and some individuals believe that they did this to emphasize urgency and hasten the adoption of SegWit.

What About Lightning Network?

The Lightning Network is a ‘Level 2’ network overlay, currently being adopted by miners (depending on the service or exchange, it is being incrementally activated in the first months of 2018). To function properly, it requires that transaction malleability be solved. But, in the event that a miner is not SegWit compliant, it can resolve the malleability problem in other ways.

1 SegWit should not be confused with SegWit2x, an upgrade process that was cancelled a few months later in November. 2017

2 In the TechTalk article linked above, the author concludes:

“Transaction Malleability is fixed with Segregated Witness by no longer taking into account signatures when calculating the transaction’s fingerprint. Fixing Transaction Malleability means that the Lightning Network can work smoothly.”